How to Create Cloudflare Origin CA certificate via API without providing private key and CSR

Question

Via the Cloudflare UI (see image), it's possible to create an Origin CA certificate without providing a private key and CSR. Cloudflare will generate this for you.

I've tried to find the corresponding approach using the Cloudflare API, but it seems I have to provide a self generated key and CSR when doing that.

Does anyone know if it should be possible to auto generate via the API (or Terraform/Pulumi) as well?

https://developers.cloudflare.com/api/operations/origin-ca-create-certificate#requests

Answer 1

I guess I found the answer to my question in the Pulumi provider documentation. They are creating a key and certificate signing request before using them when calling cloudflare.

https://www.pulumi.com/registry/packages/cloudflare/api-docs/origincacertificate/

# Create a CSR and generate a CA certificate
example_private_key = tls.PrivateKey("examplePrivateKey", algorithm="RSA")
example_cert_request = tls.CertRequest("exampleCertRequest",
    key_algorithm=example_private_key.algorithm,
    private_key_pem=example_private_key.private_key_pem,
    subjects=[tls.CertRequestSubjectArgs(
        common_name="",
        organization="Terraform Test",
    )])
example_origin_ca_certificate = cloudflare.OriginCaCertificate("exampleOriginCaCertificate",
    csr=example_cert_request.cert_request_pem,
    hostnames=["example.com"],
    request_type="origin-rsa",
    requested_validity=7)